David Sackstein's Blog

June 11, 2009

In his book, “Programming WCF Services”, Juval Lowy does a superb job of explaining the principles of WCF Security and simplifies the subject by discussing 4 typical security scenarios.

I implemented those scenarios as demos for my latest class in WCF and I would like to share them with you in this and the next few posts.

Why should you read on?

These demos are concise yet complete. My approach has been to use configuration files only – no code. For each scenario I present two complete configuration files, one for the client and one for the server. I have removed every character that is not absolutely necessary for the demonstration. I have also aligned the configuration files so you can easily compare them line by line to locate the differences.

Hopefully you should be able to get started with one of these demos very quickly.

Overview

Each scenario has a demo in the source code. The four demos are identical except for their configuration files (the Internet demo also differs slightly in code).

Each demo consists of a self-hosted console application which also contains the service implementation and a console client application that consumes it. The service consists of a calculator contract with one method.

This is the contract:

    using System.ServiceModel;

    namespace CalculatorService
    {
        // Contract shared by the service host and the client proxy.
        [ServiceContract]
        public interface ICalculator
        {
            [OperationContract]
            double Add(double a, double b);
        }
    }

This is the implementation:

    using System.ServiceModel;

    namespace CalculatorService
    {
        // Service implementation; no security settings appear in code.
        [ServiceBehavior]
        public class Calculator : ICalculator
        {
            #region ICalculator Members

            public double Add(double a, double b)
            {
                return a + b;
            }

            #endregion
        }
    }

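And this is the client code:

    using System;

    namespace Client
    {
        class Program
        {
            void Run()
            {
                try
                {
                    // CalculatorClient is the client proxy for ICalculator;
                    // its endpoint and security settings come from app.config.
                    CalculatorClient calc = new CalculatorClient();
                    double result = calc.Add(5, 6);
                    Console.WriteLine("Result = {0}", result);
                }
                catch (Exception ex)
                {
                    // Failures, including security failures, are reported here.
                    Console.WriteLine(ex.Message);
                }
            }

            static void Main(string[] args)
            {
                new Program().Run();
                Console.ReadLine();
            }
        }
    }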

The only exception to this is in the Internet scenario where I demonstrate role-based security. I will show you the small differences in code for that scenario in the last post of this series.

Apart from that, we are done with code. Let’s go and read those app.configs...